From 96f7d899c4e4f897156ac422f0b29a3ccab0a87c Mon Sep 17 00:00:00 2001 From: Simon Thulbourn Date: Wed, 11 Jun 2025 09:05:21 +0000 Subject: [PATCH 1/7] fix(ci): add audience param to aws-action/configure-aws-credentials --- .github/workflows/layers_partition_verify.yml | 4 ++++ .github/workflows/layers_partitions.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/layers_partition_verify.yml b/.github/workflows/layers_partition_verify.yml index f258c9490..dac9da885 100644 --- a/.github/workflows/layers_partition_verify.yml +++ b/.github/workflows/layers_partition_verify.yml @@ -52,6 +52,7 @@ jobs: outputs: regions: ${{ format('{0}{1}', steps.regions_china.outputs.regions, steps.regions_govcloud.outputs.regions) }} parition: ${{ format('{0}{1}', steps.regions_china.outputs.partition, steps.regions_govcloud.outputs.parition) }} + aud: ${{ format('{0}{1}', steps.regions_china.outputs.aud, steps.regions_govcloud.outputs.aud) }} steps: - id: regions_china name: Parition (China) @@ -59,12 +60,14 @@ jobs: run: | echo regions='["cn-north-1", "cn-northwest-1"]'>> "$GITHUB_OUTPUT" echo partition='aws-cn'>> "$GITHUB_OUTPUT" + echo aud='sts.amazonaws.com.cn'>> "$GITHUB_OUTPUT" - id: regions_govcloud name: Partition (GovCloud) if: ${{ inputs.partition == 'GovCloud' }} run: | echo regions='["us-gov-east-1", "us-gov-west-1"]'>> "$GITHUB_OUTPUT" echo partition='aws-us-gov'>> "$GITHUB_OUTPUT" + echo aud='sts.amazonaws.com'>> "$GITHUB_OUTPUT" commercial: runs-on: ubuntu-latest permissions: @@ -118,6 +121,7 @@ jobs: role-to-assume: ${{ secrets[format('IAM_ROLE_{0}', steps.transform.outputs.CONVERTED_REGION)] }} aws-region: ${{ matrix.region}} mask-aws-account-id: true + audience: ${{ needs.setup.outputs.aud }} - id: partition_version name: Partition Layer Version run: | diff --git a/.github/workflows/layers_partitions.yml b/.github/workflows/layers_partitions.yml index e4860062b..151702be7 100644 --- a/.github/workflows/layers_partitions.yml 
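Review bot: The new `aud` output is empty whenever `inputs.partition` is neither `China` nor `GovCloud`, because both producing steps are then skipped, and that empty string is what the later `audience:` input receives. Whether the input is restricted to those two values is not visible in this hunk. If it can arrive as a free string, a guard step in this job, `- if: ${{ inputs.partition != 'China' && inputs.partition != 'GovCloud' }}` with `run: exit 1`, would fail the run early instead of in the credentials step. Separately, the neighbouring context line reads `steps.regions_govcloud.outputs.parition` while the GovCloud step writes `partition`, so the `parition` output looks empty for GovCloud; the new line avoids that by using the same key on both sides. Both points apply equally to the matching hunk in `layers_partitions.yml`.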
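Review bot: The `echo aud=` lines added to the two partition steps carry no comment saying what the value is for or why China and GovCloud differ. A shell comment above each, for example `# OIDC audience registered on the IAM identity provider in this partition`, would stop a later edit from normalising them to a single value. As far as I know `sts.amazonaws.com` is also the default audience of aws-actions/configure-aws-credentials, so the GovCloud line keeps the existing behaviour and only the China value changes what is requested. The matching hunk in `layers_partitions.yml` needs the same comment.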
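Review bot: The added `audience:` input sets the `aud` claim of the OIDC token that is exchanged for the role in `role-to-assume`, so it works only if the trust policy of each `IAM_ROLE_<REGION>` role conditions on the same audience. That policy is not part of this patch and should be checked alongside it. The audience does not identify the caller, so the trust policy's `sub` condition still has to restrict which repository and environment may assume the role. `needs.setup.outputs.aud` also resolves only when this job declares `needs: setup`, and the job header lies outside the hunk. The same points apply to the `audience:` line added in `layers_partitions.yml`.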
+++ b/.github/workflows/layers_partitions.yml @@ -49,6 +49,7 @@ jobs: outputs: regions: ${{ format('{0}{1}', steps.regions_china.outputs.regions, steps.regions_govcloud.outputs.regions) }} parition: ${{ format('{0}{1}', steps.regions_china.outputs.partition, steps.regions_govcloud.outputs.parition) }} + aud: ${{ format('{0}{1}', steps.regions_china.outputs.aud, steps.regions_govcloud.outputs.aud) }} steps: - id: regions_china name: Parition (China) @@ -56,12 +57,14 @@ jobs: run: | echo regions='["cn-north-1", "cn-northwest-1"]'>> "$GITHUB_OUTPUT" echo partition='aws-cn'>> "$GITHUB_OUTPUT" + echo aud='sts.amazonaws.com.cn'>> "$GITHUB_OUTPUT" - id: regions_govcloud name: Partition (GovCloud) if: ${{ inputs.partition == 'GovCloud' }} run: | echo regions='["us-gov-east-1", "us-gov-west-1"]'>> "$GITHUB_OUTPUT" echo partition='aws-us-gov'>> "$GITHUB_OUTPUT" + echo aud='sts.amazonaws.com'>> "$GITHUB_OUTPUT" download: runs-on: ubuntu-latest permissions: @@ -130,6 +133,7 @@ jobs: role-to-assume: ${{ secrets[format('IAM_ROLE_{0}', steps.transform.outputs.CONVERTED_REGION)] }} aws-region: ${{ matrix.region}} mask-aws-account-id: true + audience: ${{ needs.setup.outputs.aud }} - name: Create Layer id: create-layer run: | From a0a2c0ae45e9d7d6b993b869c5c846b5e0cbe0fd Mon Sep 17 00:00:00 2001 From: Simon Thulbourn Date: Wed, 11 Jun 2025 12:58:54 +0000 Subject: [PATCH 2/7] remove region --- .github/workflows/layers_partitions.yml | 2 +- docs/getting-started/lambda-layers.md | 74 +++++++++++++------------ 2 files changed, 39 insertions(+), 37 deletions(-) diff --git a/.github/workflows/layers_partitions.yml b/.github/workflows/layers_partitions.yml index 151702be7..2fe2c46bf 100644 --- a/.github/workflows/layers_partitions.yml +++ b/.github/workflows/layers_partitions.yml 
@@ -55,7 +55,7 @@ jobs: name: Parition (China) if: ${{ inputs.partition == 'China' }} run: | - echo regions='["cn-north-1", "cn-northwest-1"]'>> "$GITHUB_OUTPUT" + echo regions='["cn-north-1"]'>> "$GITHUB_OUTPUT" echo partition='aws-cn'>> "$GITHUB_OUTPUT" echo aud='sts.amazonaws.com.cn'>> "$GITHUB_OUTPUT" - id: regions_govcloud diff --git a/docs/getting-started/lambda-layers.md b/docs/getting-started/lambda-layers.md index 6aec4aa1b..01afcf130 100644 --- a/docs/getting-started/lambda-layers.md +++ b/docs/getting-started/lambda-layers.md 
@@ -17,42 +17,44 @@ We publish the Lambda Layer for Powertools for AWS Lambda in all commercial regi Open an [issue](https://github.com/aws-powertools/powertools-lambda-typescript/issues/new?template=feature_request.yml&title=Feature%20request%3A%20missing%20Lambda%20layer%20region) in our GitHub repository to request it. -| Region | Layer ARN | -| ---------------- | --------------------------------------------------------------------------------------------------------- | -| `us-east-1` | [arn:aws:lambda:us-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `us-east-2` | [arn:aws:lambda:us-east-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `us-west-1` | [arn:aws:lambda:us-west-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `us-west-2` | [arn:aws:lambda:us-west-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ap-south-1` | [arn:aws:lambda:ap-south-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ap-south-2` | [arn:aws:lambda:ap-south-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ap-east-1` | [arn:aws:lambda:ap-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ap-northeast-1` | [arn:aws:lambda:ap-northeast-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ap-northeast-2` | [arn:aws:lambda:ap-northeast-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ap-northeast-3` | [arn:aws:lambda:ap-northeast-3:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ap-southeast-1` | [arn:aws:lambda:ap-southeast-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ap-southeast-2` | [arn:aws:lambda:ap-southeast-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ap-southeast-3` | 
[arn:aws:lambda:ap-southeast-3:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ap-southeast-4` | [arn:aws:lambda:ap-southeast-4:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ap-southeast-5` | [arn:aws:lambda:ap-southeast-5:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ap-southeast-7` | [arn:aws:lambda:ap-southeast-7:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `eu-central-1` | [arn:aws:lambda:eu-central-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `eu-central-2` | [arn:aws:lambda:eu-central-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `eu-west-1` | [arn:aws:lambda:eu-west-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `eu-west-2` | [arn:aws:lambda:eu-west-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `eu-west-3` | [arn:aws:lambda:eu-west-3:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `eu-north-1` | [arn:aws:lambda:eu-north-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `eu-south-1` | [arn:aws:lambda:eu-south-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `eu-south-2` | [arn:aws:lambda:eu-south-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ca-central-1` | [arn:aws:lambda:ca-central-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `ca-west-1` | [arn:aws:lambda:ca-west-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `sa-east-1` | [arn:aws:lambda:sa-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `af-south-1` | [arn:aws:lambda:af-south-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `me-south-1` | [arn:aws:lambda:me-south-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| 
`me-central-1` | [arn:aws:lambda:me-central-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `il-central-1` | [arn:aws:lambda:il-central-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `mx-central-1` | [arn:aws:lambda:mx-central-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `us-gov-west-1` | [arn:aws-us-gov:lambda:us-gov-west-1:165093116878:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `us-gov-east-1` | [arn:aws-us-gov:lambda:us-gov-east-1:165087284144:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| Region | Layer ARN | +| ---------------- | ---------------------------------------------------------------------------------------------------------- | +| `us-east-1` | [arn:aws:lambda:us-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `us-east-2` | [arn:aws:lambda:us-east-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `us-west-1` | [arn:aws:lambda:us-west-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `us-west-2` | [arn:aws:lambda:us-west-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ap-south-1` | [arn:aws:lambda:ap-south-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ap-south-2` | [arn:aws:lambda:ap-south-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ap-east-1` | [arn:aws:lambda:ap-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ap-northeast-1` | [arn:aws:lambda:ap-northeast-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ap-northeast-2` | [arn:aws:lambda:ap-northeast-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ap-northeast-3` | [arn:aws:lambda:ap-northeast-3:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ap-southeast-1` | 
[arn:aws:lambda:ap-southeast-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ap-southeast-2` | [arn:aws:lambda:ap-southeast-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ap-southeast-3` | [arn:aws:lambda:ap-southeast-3:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ap-southeast-4` | [arn:aws:lambda:ap-southeast-4:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ap-southeast-5` | [arn:aws:lambda:ap-southeast-5:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ap-southeast-7` | [arn:aws:lambda:ap-southeast-7:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `eu-central-1` | [arn:aws:lambda:eu-central-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `eu-central-2` | [arn:aws:lambda:eu-central-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `eu-west-1` | [arn:aws:lambda:eu-west-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `eu-west-2` | [arn:aws:lambda:eu-west-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `eu-west-3` | [arn:aws:lambda:eu-west-3:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `eu-north-1` | [arn:aws:lambda:eu-north-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `eu-south-1` | [arn:aws:lambda:eu-south-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `eu-south-2` | [arn:aws:lambda:eu-south-2:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ca-central-1` | [arn:aws:lambda:ca-central-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `ca-west-1` | [arn:aws:lambda:ca-west-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `sa-east-1` | [arn:aws:lambda:sa-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | 
+| `af-south-1` | [arn:aws:lambda:af-south-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `me-south-1` | [arn:aws:lambda:me-south-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `me-central-1` | [arn:aws:lambda:me-central-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `il-central-1` | [arn:aws:lambda:il-central-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `mx-central-1` | [arn:aws:lambda:mx-central-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `us-gov-west-1` | [arn:aws-us-gov:lambda:us-gov-west-1:165093116878:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `us-gov-east-1` | [arn:aws-us-gov:lambda:us-gov-east-1:165087284144:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `cn-north-1` | [arn:aws-aws-cn:lambda:cn-north-1:498634801083:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | +| `cn-northwest-1` | [arn:aws-aws-cn:lambda:cn-northwest-1:499712207924:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | ### Lookup Layer ARN via AWS SSM Parameter Store From 7f9be5ade96f669d2449c59d3ea41193599b283d Mon Sep 17 00:00:00 2001 From: Simon Thulbourn Date: Wed, 11 Jun 2025 13:00:04 +0000 Subject: [PATCH 3/7] add region back --- .github/workflows/layers_partitions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/layers_partitions.yml b/.github/workflows/layers_partitions.yml index 2fe2c46bf..151702be7 100644 --- a/.github/workflows/layers_partitions.yml +++ b/.github/workflows/layers_partitions.yml @@ -55,7 +55,7 @@ jobs: name: Parition (China) if: ${{ inputs.partition == 'China' }} run: | - echo regions='["cn-north-1"]'>> "$GITHUB_OUTPUT" + echo regions='["cn-north-1", "cn-northwest-1"]'>> "$GITHUB_OUTPUT" echo partition='aws-cn'>> "$GITHUB_OUTPUT" echo aud='sts.amazonaws.com.cn'>> "$GITHUB_OUTPUT" - id: regions_govcloud 
From 0e9b3afdda2287d2fed3e7ffc9f864ce5cae82cc Mon Sep 17 00:00:00 2001 From: Simon Thulbourn Date: Fri, 13 Jun 2025 09:38:28 +0000 Subject: [PATCH 4/7] remove cn-northwest-1 due to issues with deployment --- .github/workflows/layers_partition_verify.yml | 2 +- .github/workflows/layers_partitions.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/layers_partition_verify.yml b/.github/workflows/layers_partition_verify.yml index dac9da885..f27c676d1 100644 --- a/.github/workflows/layers_partition_verify.yml +++ b/.github/workflows/layers_partition_verify.yml @@ -58,7 +58,7 @@ jobs: name: Parition (China) if: ${{ inputs.partition == 'China' }} run: | - echo regions='["cn-north-1", "cn-northwest-1"]'>> "$GITHUB_OUTPUT" + echo regions='["cn-north-1"]'>> "$GITHUB_OUTPUT" echo partition='aws-cn'>> "$GITHUB_OUTPUT" echo aud='sts.amazonaws.com.cn'>> "$GITHUB_OUTPUT" - id: regions_govcloud diff --git a/.github/workflows/layers_partitions.yml b/.github/workflows/layers_partitions.yml index 151702be7..2fe2c46bf 100644 --- a/.github/workflows/layers_partitions.yml +++ b/.github/workflows/layers_partitions.yml @@ -55,7 +55,7 @@ jobs: name: Parition (China) if: ${{ inputs.partition == 'China' }} run: | - echo regions='["cn-north-1", "cn-northwest-1"]'>> "$GITHUB_OUTPUT" + echo regions='["cn-north-1"]'>> "$GITHUB_OUTPUT" echo partition='aws-cn'>> "$GITHUB_OUTPUT" echo aud='sts.amazonaws.com.cn'>> "$GITHUB_OUTPUT" - id: regions_govcloud From 84f47a3437ded0bd0f2fb3ac565cb24777601dff Mon Sep 17 00:00:00 2001 From: Simon Thulbourn Date: Tue, 24 Jun 2025 14:37:34 +0100 Subject: [PATCH 5/7] Update lambda-layers.md --- docs/getting-started/lambda-layers.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/getting-started/lambda-layers.md b/docs/getting-started/lambda-layers.md index 01afcf130..4da5696ce 100644 --- a/docs/getting-started/lambda-layers.md +++ b/docs/getting-started/lambda-layers.md 
@@ -54,7 +54,6 @@ We publish the Lambda Layer for Powertools for AWS Lambda in all commercial regi | `us-gov-west-1` | [arn:aws-us-gov:lambda:us-gov-west-1:165093116878:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | | `us-gov-east-1` | [arn:aws-us-gov:lambda:us-gov-east-1:165087284144:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | | `cn-north-1` | [arn:aws-aws-cn:lambda:cn-north-1:498634801083:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | -| `cn-northwest-1` | [arn:aws-aws-cn:lambda:cn-northwest-1:499712207924:layer:AWSLambdaPowertoolsTypeScriptV2:28](#){: .copyMe} | ### Lookup Layer ARN via AWS SSM Parameter Store From 23131de8ec025b47cc614dffc96b80f1bc4fe160 Mon Sep 17 00:00:00 2001 From: Simon Thulbourn Date: Tue, 24 Jun 2025 14:39:28 +0100 Subject: [PATCH 6/7] Delete .github/workflows/layer_govcloud_verify.yml delete file --- .github/workflows/layer_govcloud_verify.yml | 108 -------------------- 1 file changed, 108 deletions(-) delete mode 100644 .github/workflows/layer_govcloud_verify.yml diff --git a/.github/workflows/layer_govcloud_verify.yml b/.github/workflows/layer_govcloud_verify.yml deleted file mode 100644 index e417dcb03..000000000 --- a/.github/workflows/layer_govcloud_verify.yml +++ /dev/null 
@@ -1,108 +0,0 @@ -# GovCloud Layer Verification -# --- -# This workflow queries the GovCloud layer info in production only - -on: - workflow_dispatch: - inputs: - environment: - description: Deployment environment - type: choice - options: - - Gamma - - Prod - required: true - version: - description: Layer version to verify - type: string - required: true - govcloud_version: - description: GovCloud Layer version to verify, this is mostly used in Gamma where a version mismatch might exist - type: string - required: false - - workflow_call: - inputs: - environment: - description: Deployment environment - type: string - required: true - version: - description: Layer version to verify - type: string - required: true - govcloud_version: - description: GovCloud Layer version to verify, this is mostly used in Gamma where a version mismatch might exist - type: string - required: false - -name: Layer Verification (GovCloud) -run-name: Layer Verification (GovCloud) / Version ${{ inputs.version }} - -permissions: {} - -jobs: - commercial: - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - environment: Prod (Readonly) - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets.AWS_IAM_ROLE }} - aws-region: us-east-1 - mask-aws-account-id: true - - name: Output AWSLambdaPowertoolsTypeScriptV2 - # fetch the specific layer version information from the us-east-1 commercial region - run: | - aws --region us-east-1 lambda get-layer-version-by-arn --arn 'arn:aws:lambda:us-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.version }}' > AWSLambdaPowertoolsTypeScriptV2.json - - name: Store Metadata - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: AWSLambdaPowertoolsTypeScriptV2.json - path: AWSLambdaPowertoolsTypeScriptV2.json - retention-days: 1 - if-no-files-found: error - - 
verify: - name: Verify - needs: commercial - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - environment: GovCloud ${{ inputs.environment }} - strategy: - matrix: - region: - - us-gov-east-1 - - us-gov-west-1 - steps: - - name: Download Metadata - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: AWSLambdaPowertoolsTypeScriptV2.json - - id: transform - run: | - echo 'CONVERTED_REGION=${{ matrix.region }}' | tr 'a-z\-' 'A-Z_' >> "$GITHUB_OUTPUT" - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets[format('IAM_ROLE_{0}', steps.transform.outputs.CONVERTED_REGION)] }} - aws-region: ${{ matrix.region}} - mask-aws-account-id: true - - id: govcloud_version - name: GovCloud Layer Version - run: | - echo 'govcloud_version=$([[ -n "${{ inputs.govcloud_version}}" ]] && echo ${{ inputs.govcloud_version}} || echo ${{ inputs.version }} )' >> "$GITHUB_OUTPUT" - - name: Verify Layer - run: | - export layer_output='AWSLambdaPowertoolsTypeScriptV2-${{matrix.region}}.json' - aws --region ${{ matrix.region}} lambda get-layer-version-by-arn --arn "arn:aws-us-gov:lambda:${{ matrix.region}}:${{ secrets[format('AWS_ACCOUNT_{0}', steps.transform.outputs.CONVERTED_REGION)] }}:layer:AWSLambdaPowertoolsTypeScriptV2:${{ steps.govcloud_version.outputs.govcloud_version }}" > $layer_output - REMOTE_SHA=$(jq -r '.Content.CodeSha256' $layer_output) - LOCAL_SHA=$(jq -r '.Content.CodeSha256' AWSLambdaPowertoolsTypeScriptV2.json) - test "$REMOTE_SHA" == "$LOCAL_SHA" && echo "SHA OK: ${LOCAL_SHA}" || exit 1 - jq -s -r '["Layer Arn", "Runtimes", "Version", "Description", "SHA256"], ([.[0], .[1]] | .[] | [.LayerArn, (.CompatibleRuntimes | join("/")), .Version, .Description, .Content.CodeSha256]) |@tsv' AWSLambdaPowertoolsTypeScriptV2.json $layer_output | column -t -s $'\t' \ No newline at end of file 
From 0a397fe3de621bba745e51d03dbc2cc37e9fc487 Mon Sep 17 00:00:00 2001 From: Simon Thulbourn Date: Tue, 24 Jun 2025 14:40:17 +0100 Subject: [PATCH 7/7] Delete .github/workflows/layers_govcloud.yml --- .github/workflows/layers_govcloud.yml | 145 -------------------------- 1 file changed, 145 deletions(-) delete mode 100644 .github/workflows/layers_govcloud.yml diff --git a/.github/workflows/layers_govcloud.yml b/.github/workflows/layers_govcloud.yml deleted file mode 100644 index fee786f91..000000000 --- a/.github/workflows/layers_govcloud.yml +++ /dev/null 
@@ -1,145 +0,0 @@ -name: Layer Deployment (GovCloud) - -# GovCloud Layer Publish -# --- -# This workflow publishes a specific layer version in an AWS account based on the environment input. -# -# We pull each the version of the layer and store them as artifacts, the we upload them to each of the GovCloud AWS accounts. -# -# A number of safety checks are performed to ensure safety. - -on: - workflow_dispatch: - inputs: - environment: - description: Deployment environment - type: choice - options: - - Gamma - - Prod - required: true - version: - description: Layer version to duplicate - type: string - required: true - workflow_call: - inputs: - environment: - description: Deployment environment - type: string - required: true - version: - description: Layer version to duplicate - type: string - required: true - -run-name: Layer Deployment (GovCloud) - ${{ inputs.environment }} / Version - ${{ inputs.version }} - -permissions: - contents: read - -jobs: - download: - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - environment: Prod (Readonly) - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets.AWS_IAM_ROLE }} - aws-region: us-east-1 - mask-aws-account-id: true - - name: Grab Zip - run: | - aws --region us-east-1 lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.version }} --query 'Content.Location' | xargs curl -L -o AWSLambdaPowertoolsTypeScriptV2.zip - aws --region us-east-1 lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.version }} > AWSLambdaPowertoolsTypeScriptV2.json - - name: Store Zip - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: AWSLambdaPowertoolsTypeScriptV2.zip - path: AWSLambdaPowertoolsTypeScriptV2.zip - 
retention-days: 1 - if-no-files-found: error - - name: Store Metadata - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: AWSLambdaPowertoolsTypeScriptV2.json - path: AWSLambdaPowertoolsTypeScriptV2.json - retention-days: 1 - if-no-files-found: error - - copy: - name: Copy - needs: download - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - environment: GovCloud ${{ inputs.environment }} - strategy: - matrix: - region: - - us-gov-east-1 - - us-gov-west-1 - steps: - - name: Download Zip - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: AWSLambdaPowertoolsTypeScriptV2.zip - - name: Download Metadata - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: AWSLambdaPowertoolsTypeScriptV2.json - - name: Verify Layer Signature - run: | - SHA=$(jq -r '.Content.CodeSha256' 'AWSLambdaPowertoolsTypeScriptV2.json') - test "$(openssl dgst -sha256 -binary AWSLambdaPowertoolsTypeScriptV2.zip | openssl enc -base64)" == "$SHA" && echo "SHA OK: ${SHA}" || exit 1 - - id: transform - run: | - echo 'CONVERTED_REGION=${{ matrix.region }}' | tr 'a-z\-' 'A-Z_' >> "$GITHUB_OUTPUT" - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets[format('IAM_ROLE_{0}', steps.transform.outputs.CONVERTED_REGION)] }} - aws-region: ${{ matrix.region}} - mask-aws-account-id: true - - name: Create Layer - id: create-layer - run: | - cat AWSLambdaPowertoolsTypeScriptV2.json | jq '{"LayerName": "AWSLambdaPowertoolsTypeScriptV2", "Description": .Description, "CompatibleRuntimes": .CompatibleRuntimes, "LicenseInfo": .LicenseInfo}' > input.json - - LAYER_VERSION=$(aws --region ${{ matrix.region}} lambda publish-layer-version \ - --zip-file fileb://./AWSLambdaPowertoolsTypeScriptV2.zip \ - --cli-input-json file://./input.json \ - 
--query 'Version' \ - --output text) - - echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT" - - aws --region ${{ matrix.region}} lambda add-layer-version-permission \ - --layer-name 'AWSLambdaPowertoolsTypeScriptV2' \ - --statement-id 'PublicLayer' \ - --action lambda:GetLayerVersion \ - --principal '*' \ - --version-number "$LAYER_VERSION" - - name: Verify Layer - env: - LAYER_VERSION: ${{ steps.create-layer.outputs.LAYER_VERSION }} - run: | - export layer_output='AWSLambdaPowertoolsTypeScriptV2-${{matrix.region}}.json' - aws --region ${{ matrix.region}} lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:${{ matrix.region}}:${{ secrets[format('AWS_ACCOUNT_{0}', steps.transform.outputs.CONVERTED_REGION)] }}:layer:AWSLambdaPowertoolsTypeScriptV2:${{ env.LAYER_VERSION }}' > $layer_output - REMOTE_SHA=$(jq -r '.Content.CodeSha256' $layer_output) - LOCAL_SHA=$(jq -r '.Content.CodeSha256' AWSLambdaPowertoolsTypeScriptV2.json) - test "$REMOTE_SHA" == "$LOCAL_SHA" && echo "SHA OK: ${LOCAL_SHA}" || exit 1 - jq -s -r '["Layer Arn", "Runtimes", "Version", "Description", "SHA256"], ([.[0], .[1]] | .[] | [.LayerArn, (.CompatibleRuntimes | join("/")), .Version, .Description, .Content.CodeSha256]) |@tsv' AWSLambdaPowertoolsTypeScriptV2.json $layer_output | column -t -s $'\t' - - - name: Store Metadata - ${{ matrix.region }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: AWSLambdaPowertoolsTypeScriptV2-${{ matrix.region }}.json - path: AWSLambdaPowertoolsTypeScriptV2-${{ matrix.region }}.json - retention-days: 1 - if-no-files-found: error \ No newline at end of file